Tag: binary diffing

6 articles
Date Thu 12 October 2023
Authors Roxane Cohen, Robin David, Riccardo Mori
Category Program Analysis

This blog post presents an overview of QBinDiff, the Quarkslab binary diffing tool officially released today. It describes its core principles and shows how it works on binaries as well as on general graph matching problems unrelated to IT security.

Date Thu 16 May 2019
Authors Tom Czayka, Romain Thomas
Category Android

This blog post is about detecting modifications between genuine and repackaged applications.

Date Thu 02 May 2019
Author Tom Czayka
Category Android

This blog post is about examining an Android security patch and understanding how it mitigates the vulnerability.

Date Wed 24 April 2019
Authors Tom Czayka, Romain Thomas
Category Android

This blog post is about how to efficiently spot code mutations between distinct versions of an Android application.

Date Tue 02 May 2017
Author Francisco Falcon
Category Exploitation

On February 9, 2017, Natalie Silvanovich from Google Project Zero lifted the access restriction on P0's issue #983 [1], titled "Microsoft Edge: Use-after-free in TypedArray.sort", which got assigned CVE-2016-7288 and was patched as part of Microsoft security bulletin MS16-145 [2] during December 2016. In this blog post we discuss how I managed to exploit this UAF issue to obtain remote code execution on MS Edge.

Date Thu 23 February 2017
Authors Francisco Falcon, Richard Le Dé
Category Reverse-Engineering

On September 13th, 2016, Microsoft released security bulletin MS16-104 [1], which addresses several vulnerabilities affecting Internet Explorer. One of those vulnerabilities is CVE-2016-3353, a security feature bypass bug in the way .URL files are handled. This security issue does not allow for remote code execution by itself; instead, it allows attackers to bypass a security warning in attacks involving user interaction. In this blog post we discuss the whole process, from reverse engineering the patch to building a Proof-of-Concept for this vulnerability.